This is from the DREDLaw.com archive. Originally published on 12/25/2011
 |
| Still available on Amazon! |
Showing posts with label European Union. Show all posts
Showing posts with label European Union. Show all posts
December 23, 2012
Data Privacy Rules And The Nazis
© By Cary J. Calderone, Esquire
This is from the DREDLaw.com archive. Originally published on 12/25/2011
It is the Christmas season. Those of us involved in DRED Law wish you and yours the happiest of holiday seasons. Along with many of the more important traditions that occur, this time of year brings television repeats of classic movies like The Sound of Music. For the past few years, I could not help but think of e-discovery and data privacy while watching parts of this movie. Now, I am not obsessed with e-discovery and data law. I promise you. However, a few scenes from the movie explain in most vivid detail just why the EU has a very different attitude and set of rules towards email and other information that may reveal a user's personal identification. So, this post is for all of you who are not aware, or, are uncertain as to why the EU Data Protection Act is far more strict and penal in attempting to protect personal privacy at work. Their default is, if it identifies a person by name, it is personal and protected by law. In the U.S., if it is about business or on the company servers, it's not protected. Let's see if these bits of dialogue from the movie validate my point and perhaps give you an idea of who, is to blame. Take, for example:
This is from the DREDLaw.com archive. Originally published on 12/25/2011
January 17, 2012
Data Privacy Rules in the EU, Asia, and USA and How John Cleese Might Summarize
Copyright © 2012 Cary J. Calderone, Esquire
I had the pleasure of attending a terrific breakout session run by Amor Esteban (bio) and William Kellermann (bio). My words would not do their presentation on Cross-Border Discovery and Data Privacy justice. So please forgive me for borrowing the words of John Cleese from The Meaning of Life to summarize:
Yes it's perfectly simple!
I had the pleasure of attending a terrific breakout session run by Amor Esteban (bio) and William Kellermann (bio). My words would not do their presentation on Cross-Border Discovery and Data Privacy justice. So please forgive me for borrowing the words of John Cleese from The Meaning of Life to summarize:
Before we begin your lesson, would those of you playing in the match this afternoon move your clothes down onto the lower peg, immediately after lunch. before you write your letter home, if you're not getting your hair cut, unless you've got a younger brother going out this weekend as the guest of another boy, in which case collect his note before lunch put it in your letter after you get your haircut and make sure he moves your clothes down to the lower peg for you. (Age restricted Python video clip on Youtube)
Yes it's perfectly simple!
December 25, 2011
The Hills Are Alive With the Sound of E-Discovery???
By Cary J. Calderone, Esquire
|
| Still available on Amazon! |
Rolf to Lissel when delivering a telegram for Captain Von Trapp- “We make it our business to know everything about everyone.”
Or, dialogue from Heir Zeller-“You were sent a telegram which you did not answer. A telegram from Admiral Von Schreiber of the navy of the 3rd Reich.”The reasons should now be clear. Once we in America understand the origins of the EU Data Protection Act, it will be easier to put in the systems and policies necessary to better comply with the rules. We will follow-up this holiday post in the new year with a more detailed explanation of the EU Data Privacy rules courtesy of a terrific breakout session run by Amor Esteban and William Kellermann. Until then, if you are frustrated and angry with the challenge of navigating US Data rules and EU Rules at the same time, take heart. You are not alone. We can all just blame the Nazis...
Captain Von Trapp “I was under the impression Heir Zeller that the contents of telegrams in Austria are private! At least the Austria I know.”
Happy Holidays
May 17, 2010
IQPC eDiscovery Panel-Global Issues
by Cary J. Calderone, Esquire
David C. Shonka, Esquire-Principal Deputy General Counsel, Federal Trade Commission
Benton Armstrong - Principal, Analytic and Forensic Technology, Deloitte Financial Advisory Services LLP
David Shonka stressed from the beginning, "if there is one takeaway best practice from this session-get local advice. European Union directives are not the last bit of advice. Each nation has its own interpretation of it. Local law firms in Europe and Asia are much more sophisticated now and can offer better advice."
Initial considerations for global eDiscovery:
Companies are employing new mobile technologies to go in with a small data center to process out personal and private data, then you can negotiate for collection/transfer from that point. For example, data sitting on server in Eastern Europe but it is Austrian employees' data. It was treated as though they were doing a collection in the Czech Republic. They ultimately collected what they needed but it was a very long and difficult process-got consent from the Data Privacy officer in the Czech Republic. Since this is a relatively new phenomenon, they are being extra cautious. Multinational organizations need to anticipate this.
There can be problems when parties do not want to cooperate but ultimately they do. Preservation process- while the consent process is going on the data is not preserved. Employees delay and then 5000 deletions will occur just before the data is supposed to be preserved.
We are getting better and more sensitive to private data in the US but still not equal to the EU. Convergence going on-don't think they will ever meet-but the realities of dealing with a global economy is forcing people to cooperate. Reminder that under the EU directive, looking at data equals "processing" and there are different stages:
Best practice from Benton Armstrong-"get all stakeholders together at the outset."Records Managers, Legal, IT from many if not all different offices and locations. Get the potential roadblocks out in the open early so you can plan for some of them. It will make the process much faster.
One positive thing I learned from this panel is that, since I first started this blog, the best practices for international eDiscovery have evolved. While certainly not simple and without potential pitfalls, there are now better operating procedures and protocols for negotiating this tricky area. I suspect as more and more global companies implement policies and procedures and have better trained and more experienced practitioners involved, the potential pitfalls will continue to dissipate.
David C. Shonka, Esquire-Principal Deputy General Counsel, Federal Trade Commission
Benton Armstrong - Principal, Analytic and Forensic Technology, Deloitte Financial Advisory Services LLP
David Shonka stressed from the beginning, "if there is one takeaway best practice from this session-get local advice. European Union directives are not the last bit of advice. Each nation has its own interpretation of it. Local law firms in Europe and Asia are much more sophisticated now and can offer better advice."
Initial considerations for global eDiscovery:
- Who has Jurisdiction?
- Who has control of the data?(maybe a 3rd party?) (Where is that party sitting?)
- Duplicate copies in the US?
- Where does the data sit?
- If you can get it, can you move it? Lot of restrictions on transfer (personal and sensitive data)
Companies are employing new mobile technologies to go in with a small data center to process out personal and private data, then you can negotiate for collection/transfer from that point. For example, data sitting on server in Eastern Europe but it is Austrian employees' data. It was treated as though they were doing a collection in the Czech Republic. They ultimately collected what they needed but it was a very long and difficult process-got consent from the Data Privacy officer in the Czech Republic. Since this is a relatively new phenomenon, they are being extra cautious. Multinational organizations need to anticipate this.
There can be problems when parties do not want to cooperate but ultimately they do. Preservation process- while the consent process is going on the data is not preserved. Employees delay and then 5000 deletions will occur just before the data is supposed to be preserved.
We are getting better and more sensitive to private data in the US but still not equal to the EU. Convergence going on-don't think they will ever meet-but the realities of dealing with a global economy is forcing people to cooperate. Reminder that under the EU directive, looking at data equals "processing" and there are different stages:
- Retention
- Disclosure
- Onward transfer
- Secondary use
- Who collects? Employees? Can cause problems
- In what form? Native or a forensic copy? Physical or logical? Remote or direct connect?
Best practice from Benton Armstrong-"get all stakeholders together at the outset."Records Managers, Legal, IT from many if not all different offices and locations. Get the potential roadblocks out in the open early so you can plan for some of them. It will make the process much faster.
One positive thing I learned from this panel is that, since I first started this blog, the best practices for international eDiscovery have evolved. While certainly not simple and without potential pitfalls, there are now better operating procedures and protocols for negotiating this tricky area. I suspect as more and more global companies implement policies and procedures and have better trained and more experienced practitioners involved, the potential pitfalls will continue to dissipate.
Subscribe to:
Posts (Atom)